
How Malware Actually Works?


About AlienVault

Agenda

• What is malware?

• Malware variants

• How does it get in?

• Tips for mitigating risk

• Detecting malware with USM

What is Malware?

Malware is a portmanteau that refers to malicious software and encompasses a large variety of computer programs designed to steal sensitive data, gain unauthorized access, or just wreak havoc.

Malware Variants

Ransomware

• Cryptolocker

• Bitlocker

• Cryptovault

Remote access

• Rootkits

Data gathering

• Spyware

• Adware

General maliciousness

Top Threats seen by SpiceHeads

We asked SpiceHeads what kind of malware they are seeing, and these seem to be the most prevalent:

• Ransomware

• Potentially Unwanted Programs (PUPs)

• Misc phishing emails

• Malicious email attachments disguised as PDFs, Excel docs, etc.

Most popular “funny” answer?

Users… :p

How does it get in?

Users

• Blindly clicking links in email, social media, etc.

• Downloading and running email attachments

• Disgruntled/generally malicious users

• Using company assets outside of corporate perimeter

Social Engineering

• Phishing/Spearphishing

• Drive-by downloads

• Malicious executables

But, wait… I have Endpoint Protection!

While anti-malware scanners will spot the majority of malicious files, there are several ways malware gets past them:

• Polymorphic code

- Over lifespan of malware

- In real-time (every copy looks different)

• Encryption/packing

• Stealth

- Monitor system resource utilization

- Hiding malware in legitimate applications

- Sometimes even block anti-virus and/or system messages that might alert a user to the malware’s presence

• Some legacy firewalls lack the technology to detect it at all
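The encryption/packing bullet is the reason signature matching alone is not enough: the bytes on disk no longer resemble the sample a signature was written for. One cheap defender-side heuristic is to measure byte entropy, because compressed or encrypted payloads sit close to 8 bits per byte while ordinary code and text sit well below that. The Python below is an added example written for this page, not AlienVault or USM code; the 7.0 bits/byte threshold, the 512-byte window and the requirement for at least two high-entropy windows are assumed rule-of-thumb values, and the sample blobs are constructed, not real malware.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, List

# Rule-of-thumb values (assumptions, not from the slides): compressed or encrypted data
# sits near 8 bits/byte; ordinary code and text sit well below 7.
PACKED_THRESHOLD = 7.0
WINDOW = 512
MIN_HIGH_WINDOWS = 2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a single repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = WINDOW) -> List[float]:
    """Entropy per fixed-size window, so a high-entropy region can be located inside a file."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def classify(data: bytes, threshold: float = PACKED_THRESHOLD,
             window: int = WINDOW, min_high: int = MIN_HIGH_WINDOWS) -> Dict[str, object]:
    """Summarise a blob: overall entropy, which windows look packed, and a verdict.

    Requiring several high windows avoids flagging a file for one embedded key or image.
    """
    per_window = windowed_entropy(data, window)
    high = [i for i, e in enumerate(per_window) if e >= threshold]
    return {
        "entropy": round(shannon_entropy(data), 3),
        "high_windows": high,
        "likely_packed": len(high) >= min_high,
    }


def is_likely_packed(data: bytes) -> bool:
    """Convenience wrapper returning only the verdict."""
    return bool(classify(data)["likely_packed"])


def scan_path(path: str) -> Dict[str, object]:
    """Apply the same check to a file on disk."""
    with open(path, "rb") as fh:
        return classify(fh.read())


# Constructed samples (not real malware): plain text, a pseudo-random "payload" built from
# SHA-256 digests, and a small plain stub followed by that payload (the shape of a packed binary).
PLAIN_SAMPLE = b"Ordinary program text and data, nothing compressed in here. " * 40
PAYLOAD_SAMPLE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))  # 2048 bytes
STUB_PLUS_PAYLOAD = PLAIN_SAMPLE[:512] + PAYLOAD_SAMPLE


if __name__ == "__main__":
    for name, blob in [("plain", PLAIN_SAMPLE), ("payload", PAYLOAD_SAMPLE),
                       ("stub+payload", STUB_PLUS_PAYLOAD)]:
        print(name, classify(blob))
```

Entropy is a triage signal, not a verdict: legitimate installers, media files and anything already compressed score high too, which is exactly why the deck's later advice to use multiple detection methods applies here. A high-entropy executable is a reason to look closer (sandbox, behavioural monitoring, network indicators), not proof on its own.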

Risk Mitigation

Education

• Ongoing training

- New, different malware variants

- Delivery mechanisms

• Institute a policy

- What you can and cannot download on the corporate network

- What to do if your users get hit

Containment

• Network segmentation

Continuous Monitoring

• Operate under the assumption that you will get breached

- If prevention doesn’t work for these folks, why do you think it would work for you?

• Multiple detection methods

- Don’t put all of your eggs in one basket

AlienVault Vision

Accelerating and simplifying threat detection and incident response for IT teams with limited resources, on day one.

Enable organizations of all sizes to benefit from the power of crowd-sourced threat intelligence & unified security.

AlienVault USM: Discover Security That’s Highly Intelligent

Unified Security Management Platform

Accelerates and simplifies threat detection and incident response for IT teams with limited resources, on day one

AlienVault Labs Threat Intelligence

Identifies the most significant threats targeting your network and provides context-specific remediation guidance

Open Threat Exchange

The world’s largest repository of crowd-sourced threat data, provides a continuous view of real-time threats

AlienVault Approach:

Unified Security Management

USM Platform

ASSET DISCOVERY

• Active Network Scanning

• Passive Network Scanning

• Asset Inventory

• Host-based Software Inventory

VULNERABILITY ASSESSMENT

• Continuous Vulnerability Monitoring

• Authenticated / Unauthenticated Active Scanning

BEHAVIORAL MONITORING

• Log Collection

• Netflow Analysis

• Service Availability Monitoring

SIEM

• SIEM Event Correlation

• Incident Response

INTRUSION DETECTION

• Network IDS

• Host IDS

• File Integrity Monitoring
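File integrity monitoring is the capability in this list that most directly catches the “hiding malware in legitimate applications” trick from the endpoint-protection slide: a trojanised binary has a different hash from the one recorded when the host was known-good. The Python below is an added example of the basic baseline-and-compare loop, written for this page and not AlienVault or USM code; the directory layout and file contents in `demo()` are constructed to show the three outcomes (added, removed, modified).

```python
import hashlib
import os
import tempfile
from typing import Dict, List

Baseline = Dict[str, str]  # relative path -> hex SHA-256 of content


def hash_file(path: str) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Baseline:
    """Hash every regular file under root, keyed by a POSIX-style relative path."""
    baseline: Baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def diff_baselines(old: Baseline, new: Baseline) -> Dict[str, List[str]]:
    """Report files that appeared, vanished, or changed content since the baseline was taken."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, and re-check."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "service"), "wb") as fh:
            fh.write(b"original service binary\n")
        with open(os.path.join(root, "config.ini"), "wb") as fh:
            fh.write(b"[main]\nlevel=1\n")
        with open(os.path.join(root, "old.log"), "wb") as fh:
            fh.write(b"log\n")
        before = build_baseline(root)

        # Simulated tampering: the binary is replaced, a new file is dropped, a file is deleted.
        with open(os.path.join(root, "bin", "service"), "wb") as fh:
            fh.write(b"tampered service binary\n")
        with open(os.path.join(root, "bin", "helper.dll"), "wb") as fh:
            fh.write(b"unexpected new file\n")
        os.remove(os.path.join(root, "old.log"))
        after = build_baseline(root)

        return diff_baselines(before, after)


if __name__ == "__main__":
    print(demo())
```

Two practical points a real deployment adds on top of this loop: the baseline must be stored somewhere the monitored host cannot rewrite (otherwise malware with local admin simply re-baselines itself), and comparison has to be on content hashes rather than timestamps or sizes, which are trivial to preserve. Expected noise from patching is handled by re-baselining after approved changes, not by widening the ignore list.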

Built-In, Essential Security Capabilities

Open Threat Exchange

DEMO

888.613.6023

ALIENVAULT.COM

CONTACT US

[email protected]

Now for some questions…

Questions? [email protected]

Twitter : @alienvault

Test Drive AlienVault USM

Download a Free 30-Day Trial

http://www.alienvault.com/free-trial

Check out our 15-Day Trial of USM for AWS

https://www.alienvault.com/free-trial/usm-for-aws

Try our Interactive Demo Site

http://www.alienvault.com/live-demo-site